Man-in-the-Middle Vulnerability in Cisco PIX Firewall
CVE-2002-2139

Currently unrated

Key Information:

Vendor: Cisco
Status: Pix Firewall Software
Vendor: CVE Published:; 31 December 2002

Summary

The Cisco PIX Firewall experiences a vulnerability where it fails to delete duplicate ISAKMP Security Associations (SAs) for a user's VPN session. This oversight may allow local users to hijack active sessions through a man-in-the-middle attack. This vulnerability can compromise the integrity and security of user data and network communications, making it essential for organizations to apply relevant updates and patches to protect against potential exploitation.

References

http://www.cisco.com/warp/public/707/pix-multiple-vuln-pu...

vendor-advisoryx_refsource_CISCO

http://www.ciac.org/ciac/bulletins/n-017.shtml

third-party-advisorygovernment-resourcex_refsource_CIAC

http://www.securityfocus.com/bid/6211

vdb-entryx_refsource_BID

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Dec 31, 2002